The choice of programming languages is one of the most critical decisions in any programming project. And there’s no shortage of choices. In the 60-year history of computer programming, hundreds of different languages have been designed and used for various purposes.
Take high-integrity systems, where failure is not an option, to repeat the famous NASA quote. We’re at the mercy of software-controlled devices when we fly on a modern plane, ride a high-speed train, or undergo complex medical tests. Bugs in the software can lead to serious injury or death—perhaps on a huge scale, considering the latest jets, which carry hundreds of people.
But even when life and limb aren’t at stake, software security and reliability are of paramount importance. Just consider the growing number of cyber attacks or the need to enforce the confidentiality and integrity of critical financial information. So what’s the best programming language in the high-integrity domain?
First, it’s important to point out that there’s no “magic bullet” solution. Choosing the “right” language doesn’t ensure success, and choosing the “wrong” one doesn’t guarantee failure. Nevertheless, language does play an important part, and some languages are simply better suited to this kind of programming.
Some languages are designed to be easy to write so applications can be composed and fielded rapidly. It typically isn’t a big deal when a Web site devoted to chit-chat fails, so it may be quite appropriate to use languages that allow such sites to be quickly constructed. But development speed takes a back seat to security and safety in high-integrity applications, and that’s where Ada excels.
The Ada language was specifically designed with large high-integrity applications in mind. Its semantic foundation is based on enforcing program consistency, safety, and security—at compile time if possible, with checks that prevent data-type mismatches, and at run time when necessary, detecting buffer overflow and other problems.
Ada encourages modular software design and easy maintainability. Its well-defined semantics suitable for formal methodologies give it an advantage over competing languages in the high-integrity domain. Indeed, the Ada standard is unique in providing a specific section on safety and security, the High-Integrity Systems Annex.
Especially relevant to today’s wide use of multicore architectures, Ada also offers high-level, well-defined concurrency support. This separates Ada from C and C++, which have no built-in support for concurrency, and Java, which has error-prone low-level support unsuitable for high-integrity systems.
It’s no surprise that Ada is the language of choice for many of today’s most critical programs. Airbus and Boeing both use it in their new aircraft. The next-generation Air Traffic Control (ATC) system for the U.K., iFACTS, is being developed entirely in Ada. The current ATC system in continental Europe uses Ada extensively.
Ada also continues to be employed in medical technology (JEOL’s Nuclear Magnetic Resonance instrument), high-security smart-card operating systems (MULTOS Certificate Authority), semiconductor manufacturing (Philips ITEC), and financial applications (PostFinance, New Trade Research).
Traditionally, Ada has seen heavy use in defense and aerospace applications, which use the language both to exploit the reuse of existing software and to take advantage of its real-time functionality. And Ada is literally out of this world, implementing software on the International Space Station.
Back on Earth, Ada can be found in the Canal+ movie delivery system in France. Of course, no one dies when a movie conks out. But you would have millions of angry customers if the last 10 minutes of the latest blockbuster disappeared due to a software bug.
The news seems to include stories about major security breaches of personal data in online databases almost every week. While these applications are increasing and may not be safety-critical, as no human lives are actually threatened, they still need to be reliable.
Pessimists would say that all big software systems have bugs and there’s nothing you can do about them, but they are dangerously misinformed. We know how to write reliable large-scale programs, and Ada is critical in their success.